Archive for April, 2009

In a continuation of President Obama’s campaign for openness, a White House photostream has been created. The terrific photos were taken by the official White House photographer, but anyone can download them and use them. The photos are offered under a Creative Commons 2.0 Attribution license. All you have to do when you use the photo is to attribute it.¬†This is modern, open, and terrific.

Unfortunately, it’s wrong.

Neither the White House nor the official White House photographer can own these photos. The American people own them. They are federal property so they are your property. The government can’t own a copyright and a government worker can’t claim a copyright on work he did as part of his government job.

Doubtless attributing the photos is the right thing to do. But it can’t be a legal requirement.

It is also modern to assume everything is copyrighted, since that is virtually always the case. I’m sure the White House is trying to say these photos are in the public domain. But it’s awfully hard to say that. It’s pretty much impossible to give up your rights if you have them — the Creative Commons license was designed to do something very much like that. So the White House’s instinct is exactly right. It has simply forgotten that it, unlike any other creator of a creative work, can’t own copyrights in the first place.

The swine flu panic is going to be electronically mediated in a way no previous threat to public health has been. Flu information sites have sprung up in which news stories and data are being aggregated — the Flu Wiki Forum and Wikia’s Flu Wiki, which has a nice Google map mashup showing where the cases are.

The intrepid and slightly paranoid (I know he won’t mind my saying so) Chris Soghoian has another angle in his post on Swine Flu and the Threat to Privacy. Eight students from one New York City school are suspected of having contracted this strain of influenza while on a school trip to Mexico. If they were suspected terrorists, the government would by this time have gotten their cell phone carriers to turn over lists of all the people they had telephoned recently. It would be easy enough — yes, this is true — to ask the carriers to turn over lists of the names of all people with cell phones that had been within 100 feet of one of the students’ cell phones during their Mexico trip or thereafter. Now stored cell phone geolocation information isn’t that precise, so the data request would probably yield a lot of false positives — people in the same general area but not that close.

The information may well have been collected already. And that may well be exactly the right thing to do. After all, the first rule of epidemics is that controlling them becomes exponentially harder if they are allowed to spread; you don’t wait until they are severe before reacting. Do we know? If the data has been collected, do we have any confidence that it isn’t going to be repurposed, and that it will be discarded eventually?

A new law in South Korea would require those who run web sites to get and retain identifying information about the people who post on their sites. Google, which has been criticized in the past for complying with the demands of authoritarian regimes for information about its users, took the extreme step of disallowing all YouTube uploads and comments in Korea. Bravo — this will cost Google some market share, and may put pressure on the government. (Or perhaps not. YouTube is not the leading video site in Korea.) The government feels dissed and is saying as much to Google.

But today also reminds us that sometimes people using the Internet really are criminals and we are glad they are leaving electronic fingerprints behind. A series of assaults on women around Boston was solved very quickly because the alleged perpetrator was incautious enough to send an email from his home to one of his victims. Detectives obtained his IP address from the ISP and started to surveil his house. Security videos at the several crime scenes showed him tapping on his Blackberry; that was another good source of electronic forensics. (How many people could have used the same Blackberry from the three locations at the same times as the video camera showed this gentleman keeping busy?)

The two stories are not incompatible. Such records could be kept for a few weeks for police purposes and then discarded so they won’t be used for mischievous purposes later. Societies lose something by keeping data, and also lose something by deleting it. It’s just a question of making the right tradeoffs.

More on orphan works — copyrighted works whose copyright holders are unknown, often because they have been out of print for so long. the Google Books settlement would indemnify Google if it distributed a copy of an orphan work and the true rights holder turned up later on and sued.

The Internet Archive describes itself as “a digital library of Internet sites and other cultural artifacts in digital form,” and goes on to say, “Like a paper library, we provide free access to researchers, historians, scholars, and the general public.” The Archive maintains the WayBack Machine, which allows you to retrieve old copies of web pages, but it is also a founding member of the Open Content Alliance, digitizing texts and other materials for public access. It is therefore in something of the same business as Google — except for some crucial differences. The Internet Archive is a nonprofit and it is giving stuff away without trying to make money dong so. And thus far it has scanned only public domain works and those copyrighted materials for which it has gotten permission in advance — Google just scanned first and waited to be sued (that’s what brought about the proposed settlement). The Archive does not want to be disadvantaged by being forced to avoid orphan works, or to be subject to suits against which Google is immunized. So, although it is not seeking to interfere with the Google Books settlement, it is asking the court for the same protections Google is getting.

Both Google and the Authors and Publishers oppose the Archive’s move. Which seems to me in itself to raise a flag about the likelihood that the settlement will create a monopoly in the digital library domain.

A teacher and school administrator in Virginia tells a frightening story of having to defend himself against child abuse and child pornography charges because he transferred a photo of a half-naked girl to his cell phone and his office computer in the course of investigating a student sexting complaint.

The moral here is that with every student a photographer and a publisher, every schoolteacher can become a detective in an area of crime where the consequences are extremely serious. Adolescent experimentation has tripped legal standards that were put in place to cover an entirely different behavior, and the technology, the law, and student behavior have not progressed in a coordinated way.

“Autocide.” I just made that up, to mean “killing an automobile.” (To my classicist friends, I do know that’s a hybrid, Greek root and Latin ending.)

My old Volvo (really my daughter’s — she has no place to park it) has had the “check engine” light on for years. Every time the mechanic has checked it, the word comes back the same: “Can’t find anything. Must be the check-engine circuit itself. We could fix it but that would be a waste of money.” And for years the engine has given us no trouble. The car has a few other kinks — an odd noise or two, the odometer stopped at about 135,000 miles several years ago, and it won’t hold an A/C charge — but it’s been a fine second car which I use only for short trips.

I took it to get its annual inspection today, and the mechanic brought it back with the big R sticker on the windshield. What’s wrong? “Check engine light.” “I know,” I protested. “It’s been on for five years and they always tell me there’s nothing wrong with the engine.” “Can’t help you, buddy,” the mechanic says. “They changed the system. These tests are automated now. The computer detects that the check-engine light is on and flunks the car automatically. That’s all there is to say.”

What is there to say? We are the captives of the machines we create to make us safer.

The only consolation, I guess, is that the mechanic didn’t like that sound in the right wheel-well either, and would have flunked me for that anyway. And that probably really is important.

I wrote in the post just below that given a legal pretext to block web sites, as is being done in Korea, other governments would adopt similar strategies to serve their own purposes. This afternoon’s news brings a great example, right from the USA. Tennessee schools are blocking informational sites about gay and lesbian sexuality, apparently on the pretext that they are harmful to minors. The sites of ministries by heterosexual “converts” from homosexuality are not filtered out.

South Korea has implemented a three-strikes law ostensibly designed to combat music piracy. Three violations of copyright and you lose your Internet connection. Similar laws are being considered in France and elsewhere, but have been slowed by concerns about limiting citizens’ rights to private communication. The Koreans have just charged ahead. ArsTechnica summary here, and fuller Korea Times article here.

This law goes way beyond what even the most ambitious recording and movie industry lawyers could have hoped for, as any web site could be shut down for posting a few photos — or allowing others to post a few articles — that are supposedly copyrighted. A blogger quoted in the Korea Times says,

The law could have the government shutting down not only major Web portals, but online message boards of smaller companies and even `meta sites’ that compile blog posts. And the member blogs of the meta sites could be interpreted as online message boards, too.¬†The law draws a dreadful picture of the future, as Internet users will be required to submit their real names to post on individual blogs and not even imagine using the online message boards of Web portals or meta sites due to the worries of having his or her Internet cut off.

The powers granted to the government are so sweeping that there is suspicion that restraining copyright infringement is not the real or only agenda. As the Korea Times reports,

Critics question whether the new copyright law could eventually be used to suppress certain sites, such as Agora, a discussion board operated by Daum (www.daum.net), which was a seedbed for anti-government criticism during the controversy over the beef issue.

Control the Internet, control the people. The same infectious ubiquity that caused Domino’s Pizza such instant ¬†misery — which Domino’s is fighting using the Internet itself — can be used against the government. This bears watching. If it’s implemented and works in South Korea, other governments will take the lesson.

Proxies are simply machines that sit between your computer and the Internet for the purpose of making you appear to be elsewhere. People in oppressive regimes use proxies such as Tor to surf the Web while hiding their IP addresses. Corporations use proxies so their employees can work from home but have the access privileges that ordinarily come from being on-site. Proxies are used everywhere to enhance the privacy of Internet communications.

And that’s a problem, apparently, according to the folks revising the sentencing guidelines, because of course criminals can use proxies to hide their footprints. How do you handle a technology that can be used for both good and ill? Short of banning it, you can say that IF you use it to commit a crime, the crime is worse than if you didn’t use it. Says¬†John Morris, general counsel for the Center for Democracy and Technology, “This is the government saying, ‘If you take normal steps to protect your privacy, we’re going to view you as a more sophisticated criminal.’”

What’s the point? Criminals are unlikely to cooperate by making their criminal acts more traceable so as to reduce their sentences if they get caught. Instead, proxies will get a bad reputation, as things that are risky or anti-social to use. In fact we should be encouraging proxies, and encryption, and other privacy-protecting technologies.

But it is a tricky argument to make, because this clause in the sentencing guidelines is irrelevant to anyone who hasn’t committed a crime — except that it is part of a general push to force all Internet activities more out in the open where the government can watch it. And us.